FOSSA, the only developer-first open source management platform, maintains the most extensive license inventory and vulnerability database.
Full integration with your existing CI/CD pipelines provides more complete, continuous visibility and actionable insights early in the SDLC.
Audit, analyze, control, and remediate OSS issues directly from your existing workflows.
Overview
Best-in-class license compliance with comprehensive dependency inventory and audit-grade reporting.
Get an accurate and precise scan of all code dependencies and third-party licenses
Audit-grade inventory of open source licenses across direct and transitive dependencies
Visibility into a variety of embedded, hidden, and declared OSS licenses in the source code
Detailed metadata information including license text, copyright info, and licensing obligations
Concrete usage, linkage, and root cause identification that cut false positives by 85%
Automate application security with open source vulnerability management built for the enterprise
Prevent vulnerabilities from entering the code base with end-to-end curated data
Minimal false positives from a well-curated, regularly updated, and accurate vulnerability database
License and vulnerability identification for Docker and OCI images
Shift your security posture left with our IDE integration
Notifications and alerts through Slack, JIRA, or email when new vulnerabilities are added
Realtime security stats and status via FOSSA's Vulnerability API
Strengthen software supply chain transparency and security with software bill of materials (SBOM) management from generation to import.
Supports CycloneDX and SPDX; exceeds U.S. government minimum SBOM requirements
Utilizes multiple techniques — beyond just analyzing manifest files — to produce an audit-grade component inventory
Integrates locally and/or with VCS (GitHub, GitLab, etc.)
Has comprehensive language and ecosystem support
Can be customized for a range of security, regulatory compliance, and license compliance use cases
Generate SBOMs for any prior version of your software, not just the current one
Doesn’t require source code access